Medical Practice Application Requirements

Organizations that develop and operate applications for medical practices, commonly referred to as electronic medical record systems, must meet the following requirements to integrate with the ministry's health information exchange systems:

  1. Point-of-service applications will be hosted by an application service provider.
  2. Data hosting will meet privacy and security requirements.
  3. The application service provider solution will be connected to the provincial health sector network through the provincial extranet.

Application Service Provider Solution

Electronic medical record systems (EMRs) must be hosted by an application service provider (ASP). EMRs not hosted by an ASP will not be permitted to connect to the ministry's health information exchange systems. An ASP provides network-based access to software services and involves:

  • Remotely hosting a client's electronic medical record system, application and data on its secured computer servers
  • Providing client access through a web browser or thin client
  • Professionally managing the servers and other related technologies; and
  • Requiring no client server hardware or software at the point of care

Data Hosting Security

The Privacy and Security Conformance Standards (PDF, 649KB) includes the complete data hosting requirements needed to fully protect patient privacy and confidentiality and to provide high-quality service delivery. The following are examples of the requirements the application service provider must meet:

  • Physical and environmental security measures, including:
    • Strong physical security perimeters, alarmed fire doors, and armoured windows
    • Entry and exit logs
    • Locks activated by keypads, swipe cards or equivalent
    • Intruder alarms
    • Security guards; and
    • Recorded video surveillance
  • Commercial-grade firewalls and intrusion detection systems
  • System monitoring and auditing for unauthorized access

Network Connectivity

The application service provider solution must acquire and provide software service delivery over a dedicated TELUS circuit between the electronic medical record system's data centre and the provincial extranet, which is an aggregation and access point into British Columbia's dedicated health sector network.

Review the latest release of the conformance standards.